To get around this limitation when needed, you can use the 'execute vpn certificate [store] generate [...]' CLI command. This command is run from Global when VDOMs are in use.
Command Syntax
execute vpn certificate [store] generate [cert_name] [key_size] [CN] [Country] [State/Province] [City] [OU] [email] [SANs - optional]
Command Options
store: ca, crl, local, remote
cert_name: Name for the certificate, purely meant as an identifier
key_size: Key encryption size; options are 1024, 1536, and 2048
CN: Common Name, the name the certificate is signed for
Country: Country name or country code
State/Province: State or province name
City: City name
OU: Organizational Unit, similar to directories in a directory service
email: Email address for the IT contact
SANs: Other accepted names; should include the CN if the CN is to be accepted
SAN Syntax
Email: email:admin@companyname.com
IP Address: IP:1.1.1.1
URL: URI:http://companyname.com
DNS Name: DNS:www.companyname.com
Example
execute vpn certificate local generate test_cert 2048 companyname.com CA Ontario Ottawa IT,Certificates admin@companyname.com DNS:companyname.com,DNS:www.companyname.com,DNS:vpn.companyname.com
Certificate Name: test_cert
Key Size: 2048
CN: companyname.com
Country: CA (Canada)
State/Province: Ontario
City: Ottawa
OU: [root] > IT > Certificates
Email: jason@jason.com
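The helper below is an added example, not Fortinet code: it assembles the command line from its fields and rejects input that does not follow the syntax on this page (unknown store, unlisted key size, SAN without a valid prefix, CN missing from the SAN list). The function names are hypothetical, and it assumes arguments are positional and space separated, so values containing whitespace are refused.

```python
import ipaddress

STORES = {"ca", "crl", "local", "remote"}
KEY_SIZES = {1024, 1536, 2048}
SAN_PREFIXES = ("email:", "IP:", "URI:", "DNS:")

def check_san(entry):
    """Validate one SAN entry against the prefix syntax listed on this page."""
    prefix = next((p for p in SAN_PREFIXES if entry.startswith(p)), None)
    if prefix is None:
        raise ValueError(f"SAN {entry!r} lacks one of the prefixes {SAN_PREFIXES}")
    value = entry[len(prefix):]
    if not value or "," in value or any(c.isspace() for c in value):
        raise ValueError(f"SAN {entry!r} has an empty or malformed value")
    if prefix == "IP:":
        ipaddress.ip_address(value)  # raises ValueError on a bad address
    if prefix == "email:" and value.count("@") != 1:
        raise ValueError(f"SAN {entry!r} is not an email address")
    return entry

def build_generate_command(store, cert_name, key_size, cn, country, state,
                           city, ou, email, sans=()):
    """Return the CLI line, or raise ValueError if an argument would break it."""
    if store not in STORES:
        raise ValueError(f"unknown store {store!r}")
    if key_size not in KEY_SIZES:
        raise ValueError(f"key size must be one of {sorted(KEY_SIZES)}")
    fields = [cert_name, str(key_size), cn, country, state, city, ou, email]
    # Assumption: arguments are positional and space separated, so a value
    # containing whitespace is refused instead of guessing at CLI quoting.
    for f in fields:
        if not f or any(c.isspace() for c in f):
            raise ValueError(f"argument {f!r} is empty or contains whitespace")
    sans = [check_san(s) for s in sans]
    # Helper policy: the page's "should include CN" is enforced as an error.
    if sans and f"DNS:{cn}" not in sans and f"IP:{cn}" not in sans:
        raise ValueError(f"CN {cn!r} is missing from the SAN list")
    parts = ["execute vpn certificate", store, "generate", *fields]
    if sans:
        parts.append(",".join(sans))
    return " ".join(parts)

if __name__ == "__main__":
    print(build_generate_command(
        "local", "test_cert", 2048, "companyname.com", "CA", "Ontario",
        "Ottawa", "IT,Certificates", "admin@companyname.com",
        ["DNS:companyname.com", "DNS:www.companyname.com", "DNS:vpn.companyname.com"]))
```

Run as a script, it prints the example command shown above.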
Related Articles
Technical Note: FortiGate - Generate CSR via CLI when Subject Alternative Name field is long
Copyright 2024 Fortinet, Inc. All Rights Reserved.